SB18-078: Vulnerability Summary for the Week of March 12, 2018

10-strike — network_monitor
  Unquoted Windows search path vulnerability in the srvInventoryWebServer service in 10-Strike Network Monitor 5.4 allows local users to gain privileges via a malicious artefact. 2018-03-12 not yet calculated CVE-2018-6016
FULLDISC abine_blur — abine_blur
  The Password Manager Extension in Abine Blur 7.8.242* before 7.8.2428 allows attackers to bypass the Multi-Factor Authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context menu is not secured. 2018-03-11 not yet calculated CVE-2018-7213
MISC
MISC afflib — afflib
  The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka AFFLIBv3) through 3.7.16 allows remote attackers to cause a denial of service (segmentation fault) via a corrupt AFF image that triggers an unexpected pagesize value. 2018-03-11 not yet calculated CVE-2018-8050
MISC ajenti — ajenti
  Ajenti version 2 contains an Information Disclosure vulnerability in line 176 of the source code that can result in user and system enumeration as well as disclosure of data from the /etc/ajenti/config.yml file. This attack appears to be exploitable via network connectivity to the web application. 2018-03-13 not yet calculated CVE-2018-1000126
MISC ajenti — ajenti
  Ajenti version 2 contains an input validation vulnerability in the ID string of the Get-values POST request that can result in a server crash. This attack appears to be exploitable by sending a giant string in the ID parameter, which freezes the server. 2018-03-13 not yet calculated CVE-2018-1000081
MISC ajenti — ajenti
  Ajenti version 2 contains an insecure permissions vulnerability in plugin download that can result in the download of any plugin by a normal user. This attack appears to be exploitable by a normal user who knows how the request is made: when the request is sent, the server downloads the plugin in response. 2018-03-13 not yet calculated CVE-2018-1000080
MISC ajenti — ajenti
  Ajenti version 2 contains an improper error handling vulnerability in the login JSON request that can result in the request leaking a path of the server. This attack appears to be exploitable by sending malformed JSON, to which the tool responds with a traceback error that leaks a path of the server. 2018-03-13 not yet calculated CVE-2018-1000083
MISC ajenti — ajenti
  Ajenti version 2 contains a Cross-Site Request Forgery (CSRF) vulnerability in the command execution panel of the tool used to manage the server that can result in code execution on the server. Being a CSRF, this attack appears to require victim interaction: when the victim accesses the CSRF trigger, any code that matches the victim’s privileges on the server can be executed. 2018-03-13 not yet calculated CVE-2018-1000082
MISC alienvault — alienvault
  A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1. 2018-03-14 not yet calculated CVE-2018-7279
CONFIRM
CONFIRM apache — allura
  In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If a victim goes to a maliciously crafted URL, unwanted results may occur including XSS or service denial for the victim’s browsing session. 2018-03-15 not yet calculated CVE-2018-1319
MLIST apache — commons_compress
  A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress’ extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress’ zip package. 2018-03-16 not yet calculated CVE-2018-1324
MLIST apache — http_server_mod_cluster
  Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process. 2018-03-09 not yet calculated CVE-2016-8612
REDHAT
BID
REDHAT
REDHAT
CONFIRM apache — tomcat_jk_isapi_connector
  The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy. 2018-03-12 not yet calculated CVE-2018-1323
BID
MISC appweb — appweb
  The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types. 2018-03-14 not yet calculated CVE-2018-8715
MISC
MISC asus — rt-n14uhp_devices
  ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS vulnerability in the “flag” parameter. 2018-03-16 not yet calculated CVE-2017-12590
MISC asyncssh — asyncssh
  The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step. 2018-03-12 not yet calculated CVE-2018-7749
CONFIRM
MLIST atlassian — jira
  The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS via the Name field in a Create Calender action, related to a MailRuCalendar.jspa#period/month URI. 2018-03-16 not yet calculated CVE-2016-10716
MISC
MISC atlassian — jira
  The Artezio Kanban Board plugin 1.4 revision 1914 for Atlassian Jira has XSS via the Board Name in a Create New Board action, related to an artezioboard/mainPage.jspa?kanbanId=7#/kanban-view URI. 2018-03-16 not yet calculated CVE-2016-10715
MISC aurea — jive-n
  The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0.2.1 On-Premises allows for an XML External Entity attack through a crafted file, allowing attackers to read arbitrary files. 2018-03-12 not yet calculated CVE-2018-5758
MISC authentikat-jwt — authentikat-jwt
  A time-sensitive equality check on the JWT signature in the JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala in authentikat-jwt (aka com.jason-goodwin/authentikat-jwt) version 0.4.5 and earlier allows the supplier of a JWT token to guess bit after bit of the signature by repeating validation requests. 2018-03-17 not yet calculated CVE-2017-18239
MISC
MISC
MISC bitdefender — bitdefender
  BitDefender Total Security 2018 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of an “insecurely created named pipe”. Ensures full access to Everyone users group. 2018-03-12 not yet calculated CVE-2018-6183
FULLDISC bitmessage — pybitmessage
  Bitmessage PyBitmessage version v0.6.2 (and introduced in or after commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0) contains an eval injection vulnerability in the main program, in the constructObject function of src/messagetypes/__init__.py, that can result in code execution. This attack appears to be exploitable by a remote attacker using a malformed message which must be processed by the victim, e.g. one arriving from any sender on the Bitmessage network. This vulnerability appears to have been fixed in v0.6.3. 2018-03-13 not yet calculated CVE-2018-1000070
MISC blackberry — uem_management_console
  In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link. 2018-03-13 not yet calculated CVE-2017-17442
CONFIRM bmc_remedy — ar_system
  BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access. 2018-03-10 not yet calculated CVE-2017-18223
CONFIRM bmc_remedy — ar_system
  Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet request. 2018-03-12 not yet calculated CVE-2017-18228
MISC bui — bui
  The select component in bui through 2018-03-13 has XSS because it performs an escape operation on already-escaped text, as demonstrated by workGroupList text. 2018-03-14 not yet calculated CVE-2018-8108
MISC bylancer — bookme_control_panel
  Bookme Control Panel 2.0 Application is vulnerable to stored XSS within the Customers “Book Me” function. Within the Name and Note (aka custName and custNote) sections of the Customers screen, the application does not sanitize user-supplied input and renders injected JavaScript code to the user’s browser. 2018-03-17 not yet calculated CVE-2018-8737
MISC clamav — clamav
  ClamAV version 0.99.3 contains an out-of-bounds heap memory read vulnerability in the XAR parser, in the function xar_hash_check(), that can result in leaking of memory, which may help in developing exploit chains. This attack appears to be exploitable when the victim scans a crafted XAR file. This vulnerability appears to have been fixed after commit d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6. 2018-03-13 not yet calculated CVE-2018-1000085
MLIST
MISC
MLIST
UBUNTU
UBUNTU cloudme — cloudme
  An issue was discovered in CloudMe 1.11.0. An unauthenticated local attacker that can connect to the “CloudMe Sync” client application listening on 127.0.0.1 port 8888 can send a malicious payload causing a buffer overflow condition. This will result in code execution, as demonstrated by a TCP reverse shell, or a crash. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-6892. 2018-03-14 not yet calculated CVE-2018-7886
MISC clusterlabs — clusterlabs
  ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster. 2018-03-12 not yet calculated CVE-2017-2661
CONFIRM
CONFIRM cms_made_simple — cms_made_simple
  CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter. 2018-03-11 not yet calculated CVE-2018-8058
MISC cms_made_simple — cms_made_simple
  CMS Made Simple version 2.2.5 contains a Cross-Site Request Forgery (CSRF) vulnerability in the admin profile page; details can be found at http://dev.cmsmadesimple.org/bug/view/11715. This attack appears to be exploitable via a specially crafted web page. This vulnerability appears to have been fixed in 2.2.6. 2018-03-13 not yet calculated CVE-2018-1000092
MISC cms_made_simple — cms_made_simple
  CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter. 2018-03-11 not yet calculated CVE-2018-7893
MISC cms_made_simple — cms_made_simple
  CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that allows an authenticated admin who has access to the file manager to execute code on the server. This attack appears to be exploitable via file upload -> copy to any extension. 2018-03-12 not yet calculated CVE-2018-1000094
MISC coppermine — photo_gallery
  Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2018-03-16 not yet calculated CVE-2014-4612
CONFIRM
MLIST
MLIST
CONFIRM
BID
CONFIRM
CONFIRM cryptonote — cryptonote
  CryptoNote version 0.8.9 and possibly later contains a local RPC server which does not require authentication; as a result, the walletd and simplewallet RPC daemons will process any commands sent to them, resulting in remote command execution and a takeover of the cryptocurrency wallet if an attacker can, for example, trick an application such as a web browser into connecting and sending a command. This attack appears to be exploitable via a victim visiting a webpage hosting malicious content that triggers such behavior. 2018-03-13 not yet calculated CVE-2018-1000093
MISC
MISC
MISC curl — curl
  A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage. 2018-03-14 not yet calculated CVE-2018-1000122
SECTRACK
CONFIRM
UBUNTU
DEBIAN curl — curl
  A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. 2018-03-14 not yet calculated CVE-2018-1000120
BID
SECTRACK
CONFIRM
UBUNTU
DEBIAN curl — curl
  A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service. 2018-03-14 not yet calculated CVE-2018-1000121
BID
SECTRACK
CONFIRM
UBUNTU
DEBIAN datalust — seq
  Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass (with the attacker obtaining admin access) via '"Name":"isauthenticationenabled","Value":false' in an api/settings/setting-isauthenticationenabled PUT request. 2018-03-13 not yet calculated CVE-2018-8096
MISC
MISC dell — emc_data_protection_advisor
  EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: “Apollo System Test”, “emc.dpa.agent.logon” and “emc.dpa.metrics.logon”. An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges). 2018-03-16 not yet calculated CVE-2017-8013
FULLDISC
BID
SECTRACK dell — emc_data_protection_advisor
  Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges. The affected account is “apollosuperuser.” An attacker with local access to the server where DPA Datastore Service is installed and knowledge of the password may potentially gain unauthorized access to the database. Note: The Datastore Service database cannot be accessed remotely using this account. 2018-03-12 not yet calculated CVE-2018-1206
CONFIRM
BID
SECTRACK dell — storage_manager
  In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability. 2018-03-16 not yet calculated CVE-2017-14384
CONFIRM delta_electronics — delta_industrial_automation_dopsoft
  A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft, Version 4.00.01 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dop or .dpb files may allow an attacker to remotely execute arbitrary code. 2018-03-15 not yet calculated CVE-2018-5476
BID
MISC delta_electronics — delta_industrial_automation_screen_editor
  An Out-of-bounds Write issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Specially crafted .dpb files may cause the system to write outside the intended buffer area. 2018-03-15 not yet calculated CVE-2017-16747
BID
MISC delta_electronics — delta_industrial_automation_screen_editor
  A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type (‘type confusion’) vulnerability may allow an attacker to execute remote code when processing specially crafted .dpb files. 2018-03-15 not yet calculated CVE-2017-16745
BID
MISC delta_electronics — delta_industrial_automation_screen_editor
  A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dpb files may allow an attacker to remotely execute arbitrary code. 2018-03-15 not yet calculated CVE-2017-16751
BID
MISC delta_electronics — delta_industrial_automation_screen_editor
  A Use-after-Free issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Specially crafted .dpb files could exploit a use-after-free vulnerability. 2018-03-15 not yet calculated CVE-2017-16749
BID
MISC dewesoft — x3_sp1_devices
  RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file located at an arbitrary external URL, or a “SETFIREWALL Off” command. 2018-03-14 not yet calculated CVE-2018-7756
MISC
EXPLOIT-DB django — django
  An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. 2018-03-09 not yet calculated CVE-2018-7536
BID
MLIST
UBUNTU
CONFIRM django — django
  An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator’s chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. 2018-03-09 not yet calculated CVE-2018-7537
BID
MLIST
UBUNTU
CONFIRM django-anymail — django-anymail
  Anymail django-anymail version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in the WEBHOOK_AUTHORIZATION setting value that can result in an attacker with access to error logs fabricating email tracking events. This attack appears to be exploitable if Django error reports are exposed: an attacker could discover the ANYMAIL_WEBHOOK setting and use it to post fabricated or malicious Anymail tracking/inbound events to the app. This vulnerability appears to have been fixed in v1.4. 2018-03-13 not yet calculated CVE-2018-1000089
MISC
MISC doorkeeper — doorkeeper
  Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in the web view’s OAuth app form and user authorization prompt web view that can result in stored XSS: a payload in the OAuth client’s name is executed for users interacting with it. This attack appears to be exploitable when the victim is tricked into clicking an opaque link to the web view that runs the XSS payload; a malicious link is virtually indistinguishable from a normal one. This vulnerability appears to have been fixed in 4.2.6, 4.3.0. 2018-03-13 not yet calculated CVE-2018-1000088
MISC
MISC
MISC
MISC enalean — tuleap
  A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows attackers to execute arbitrary SQL commands. 2018-03-12 not yet calculated CVE-2018-7538
FULLDISC
MISC
CONFIRM
EXPLOIT-DB eve — eve
  io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter. 2018-03-14 not yet calculated CVE-2018-8097
MISC
MISC exempi — exempi
  An issue was discovered in Exempi before 2.4.3. The VPXChunk class in XMPFiles/source/FormatSupport/WEBP_Support.cpp does not ensure nonzero widths and heights, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted .webp file. 2018-03-15 not yet calculated CVE-2017-18235
CONFIRM
CONFIRM exempi — exempi
  An issue was discovered in Exempi before 2.4.3. The PostScript_Support::ConvertToDate function in XMPFiles/source/FormatSupport/PostScript_Support.cpp allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted .ps file. 2018-03-15 not yet calculated CVE-2017-18237
CONFIRM
CONFIRM exempi — exempi
  An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file. 2018-03-15 not yet calculated CVE-2017-18233
CONFIRM
CONFIRM exempi — exempi
  An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file. 2018-03-15 not yet calculated CVE-2017-18238
CONFIRM
CONFIRM exempi — exempi
  An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp. 2018-03-15 not yet calculated CVE-2017-18234
CONFIRM
CONFIRM exempi — exempi
  An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file. 2018-03-15 not yet calculated CVE-2017-18236
CONFIRM
CONFIRM flexense — syncbreeze_enterprise
  An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs. 2018-03-12 not yet calculated CVE-2018-8065
MISC
MISC foreman — foreman
  Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks. 2018-03-12 not yet calculated CVE-2017-2667
CONFIRM
BID
REDHAT
CONFIRM foxconn — femtocell
  One can gain root access on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via UART pins without any restrictions, which leads to full system compromise and disclosure of user communications. 2018-03-10 not yet calculated CVE-2018-6311
MISC foxconn — femtocell
  A privileged account with a weak default password on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 can be used to turn on the TELNET service via the web interface, which allows root login without any password. This vulnerability will lead to full system compromise and disclosure of user communications. The foxconn account with an 8-character lowercase alphabetic password can be used. 2018-03-10 not yet calculated CVE-2018-6312
MISC freebsd — freebsd
  In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELEASE-p7, and 10.3-RELEASE-p28, the kernel does not properly validate IPsec packets coming from a trusted host. Additionally, a use-after-free vulnerability exists in the IPsec AH handling code. This issue could cause a system crash or other unpredictable results. 2018-03-09 not yet calculated CVE-2018-6916
SECTRACK
FREEBSD freeplane — freeplane
  FreePlane version 1.5.9 and earlier contains an XML External Entity (XXE) vulnerability in the XML parser in the mindmap loader that can result in stealing data from the victim’s machine. This attack appears to require the victim to open a specially crafted mind map file. This vulnerability appears to have been fixed in 1.6+. 2018-03-13 not yet calculated CVE-2018-1000069
MISC
MISC gemalto — sentinel_ldk_rte
  Stack overflow in the custom XML parser in Gemalto’s Sentinel LDK RTE version before 7.65 leads to remote denial of service. 2018-03-13 not yet calculated CVE-2018-6304
MISC gemalto — sentinel_ldk_rte
  Denial of service in Gemalto’s Sentinel LDK RTE version before 7.65 2018-03-13 not yet calculated CVE-2018-6305
MISC gentoo — gentoo
  The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs. 2018-03-12 not yet calculated CVE-2017-18225
CONFIRM gentoo — gentoo
  The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a “kill -TERM `cat /var/run/jabber/filename.pid`” command. 2018-03-12 not yet calculated CVE-2017-18226
CONFIRM glpi_project — glpi
  A remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that allows temporary access to an uploaded executable file that will be disallowed. The application allows an authenticated user to upload a file when he/she creates a new ticket via front/fileupload.php. This feature is protected using different types of security features like the check on the file’s extension. However, the application uploads and creates a file, though this file is not allowed, and then deletes the file in the uploadFiles method in inc/glpiuploaderhandler.class.php. 2018-03-12 not yet calculated CVE-2018-7562
CONFIRM
MISC glpi_project — glpi
  An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a malicious URL that, if opened by an authenticated user with debug privilege, will execute JavaScript code supplied by the attacker. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim’s session token or login credentials, performing arbitrary actions on the victim’s behalf, and logging their keystrokes. 2018-03-12 not yet calculated CVE-2018-7563
CONFIRM
MISC google — android
  NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate. Product: Android. Version: N/A. Android: A-64893264. Reference: N-CVE-2017-6287. 2018-03-12 not yet calculated CVE-2017-6287
CONFIRM google — android
  NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate. Product: Android. Version: N/A. Android: A-65482562. Reference: N-CVE-2017-6288. 2018-03-12 not yet calculated CVE-2017-6288
CONFIRM google — android
  NVIDIA libnvomx contains a possible out of bounds write due to a missing bounds check which could lead to local escalation of privilege. This issue is rated as high. Product: Android. Version: N/A. Android: A-64893247. Reference: N-CVE-2017-6286. 2018-03-12 not yet calculated CVE-2017-6286
BID
CONFIRM google — android
  NVIDIA libnvomx contains a possible out of bounds write due to improper input validation which could lead to local escalation of privilege. This issue is rated as high. Product: Android. Version: N/A. Android: A-66969318. Reference: N-CVE-2017-6281. 2018-03-12 not yet calculated CVE-2017-6281
BID
CONFIRM google — android
  NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate. Product: Android. Version: N/A. Android: A-64893156. Reference: N-CVE-2017-6285. 2018-03-12 not yet calculated CVE-2017-6285
CONFIRM google — android
  An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allows an attacker to obtain credential IDs. 2018-03-13 not yet calculated CVE-2018-1000109
CONFIRM graphicsmagick — graphicsmagick
  An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations. 2018-03-13 not yet calculated CVE-2017-18229
CONFIRM
CONFIRM graphicsmagick — graphicsmagick
  An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file. 2018-03-13 not yet calculated CVE-2017-18230
CONFIRM
CONFIRM graphicsmagick — graphicsmagick
  An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file. 2018-03-13 not yet calculated CVE-2017-18231
CONFIRM
CONFIRM hanwha_techwin — smartcams
  An undocumented (hidden) capability for switching the web interface in Hanwha Techwin Smartcams 2018-03-13 not yet calculated CVE-2018-6296
MISC hanwha_techwin — smartcams
  Denial of service by blocking of new camera registration on the cloud server in Hanwha Techwin Smartcams 2018-03-13 not yet calculated CVE-2018-6302
MISC hanwha_techwin — smartcams
  Unencrypted way of remote control and communications in Hanwha Techwin Smartcams 2018-03-13 not yet calculated CVE-2018-6295
MISC hanwha_techwin — smartcams
  Authentication bypass in Hanwha Techwin Smartcams 2018-03-13 not yet calculated CVE-2018-6299
MISC hanwha_techwin — smartcams
  Remote code execution in Hanwha Techwin Smartcams 2018-03-13 not yet calculated CVE-2018-6298
MISC hanwha_techwin — smartcams
  Unsecured way of firmware update in Hanwha Techwin Smartcams 2018-03-13 not yet calculated CVE-2018-6294
MISC hanwha_techwin — smartcams
  Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams 2018-03-13 not yet calculated CVE-2018-6301
MISC hanwha_techwin — smartcams
  Buffer overflow in Hanwha Techwin Smartcams 2018-03-13 not yet calculated CVE-2018-6297
MISC hanwha_techwin — smartcams
  Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams 2018-03-13 not yet calculated CVE-2018-6303
MISC hanwha_techwin — smartcams
  Remote password change in Hanwha Techwin Smartcams 2018-03-13 not yet calculated CVE-2018-6300
MISC hola — hola
  An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation. The issue exists because of the SERVICE_ALL_ACCESS access right for the hola_svc and hola_updater services. 2018-03-12 not yet calculated CVE-2018-6623
FULLDISC huawei — cloudengine
  Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices. When the values of some parameters in the packet are abnormal, the LDP processing module does not release the memory to handle the packet, resulting in memory leak. 2018-03-09 not yet calculated CVE-2016-8784
CONFIRM
BID huawei — cloudengine
  Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices repeatedly. Due to improper validation of some specific fields of the packet, the LDP processing module does not release the memory, resulting in a memory leak. 2018-03-09 not yet calculated CVE-2016-8782
CONFIRM
BID huawei — ensp
  Huawei eNSP software with versions earlier than V100R002C00B510 has a buffer overflow vulnerability. Due to improper validation of a specific command-line parameter, a local attacker could exploit this vulnerability to cause the software process to behave abnormally. 2018-03-09 not yet calculated CVE-2017-17321
CONFIRM
BID huawei — honor_6_and_p9_plus
  The touchscreen driver in Huawei H60 (Honor 6) versions earlier than H60-L02_6.12.16 and P9 Plus versions earlier than VIE-AL10BC00B356 has a stack overflow vulnerability. An attacker who tricks a user into installing a malicious application on the smartphone can send a given parameter to the touchscreen driver to crash the system or escalate privileges. 2018-03-09 not yet calculated CVE-2016-8783
CONFIRM
BID huawei — mate_9_pro
  The soundtrigger module in Huawei Mate 9 Pro smart phones with software of the versions before LON-AL00B 8.0.0.343(C00) has an authentication bypass vulnerability due to the improper design of the module. An attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability to let the attacker bypass authentication; the attacker can then control the phone to send short messages and make calls when within audio range of the phone. 2018-03-09 not yet calculated CVE-2017-17279
CONFIRM
BID huawei — multiple_products
  Huawei S12700 V200R007C00, V200R008C00, S5700 V200R007C00, S7700 V200R002C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R007C00 have an input validation vulnerability. Due to the lack of input validation, an attacker may craft a malformed packet and send it to the device using VRP, causing the device to display additional memory data and possibly leading to sensitive information leakage. 2018-03-09 not yet calculated CVE-2016-8785
CONFIRM
BID huawei — multiple_products
  Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, S5700 V200R006C00, V200R007C00, V200R008C00, S6700 V200R008C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00 have a denial of service (DoS) vulnerability. Due to the lack of input validation, a remote attacker may craft a malformed Resource Reservation Protocol (RSVP) packet and send it to the device, causing a few buffer overflows and occasional device restart. 2018-03-09 not yet calculated CVE-2016-8786
CONFIRM
BID i_librarian — i-librarian
  I Librarian I-librarian version 4.8 and earlier contains an XML External Entity (XXE) vulnerability in line 154 of importmetadata.php (simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appears to be exploitable via posting XML in the parameter form_import_textarea. 2018-03-13 not yet calculated CVE-2018-1000124
CONFIRM ibm — application_performance_management_response_time_monitoring_agent
  IBM Application Performance Management – Response Time Monitoring Agent (IBM Monitoring 8.1.3 and 8.1.4) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139597. 2018-03-13 not yet calculated CVE-2018-1441
CONFIRM
XF ibm — business_process_manager
  IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete process and task data by leveraging incorrect authorization checks. IBM X-Force ID: 108393. 2018-03-15 not yet calculated CVE-2015-7463
CONFIRM
XF ibm — forms_server
  Cross-site scripting (XSS) vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006. 2018-03-15 not yet calculated CVE-2016-0223
CONFIRM
XF ibm — infosphere_information_governance_catalog
  XML external entity (XXE) vulnerability in IBM InfoSphere Information Governance Catalog 11.3 before 11.3.1.2 and 11.5 before 11.5.0.1 allows remote authenticated users to read arbitrary files or cause a denial of service via crafted XML data. IBM X-Force ID: 110510. 2018-03-12 not yet calculated CVE-2016-0250
CONFIRM
XF ibm — multiple_products
  Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108296. 2018-03-15 not yet calculated CVE-2015-7453
CONFIRM
XF ibm — multiple_products
  Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0.0 before SP2 EP29, 6.0.4 before 6.0.4.6 iFix3, 6.0.5 before 6.0.5.9 iFix2, 6.1.0 before 6.1.0.1 iFix1, and 6.1.1 before 6.1.1.1 iFix1; and IBM Care Management 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110604. 2018-03-12 not yet calculated CVE-2016-0261
CONFIRM
XF ibm — multiple_products
  Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote authenticated users with project administrator privileges to inject arbitrary web script or HTML via a crafted project. IBM X-Force ID: 108429. 2018-03-15 not yet calculated CVE-2015-7471
CONFIRM
XF ibm — multiple_products
  IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 might allow local users to gain privileges via unspecified vectors. IBM X-Force ID: 108098. 2018-03-15 not yet calculated CVE-2015-7440
CONFIRM
XF ibm — notes
  IBM Notes 8.5 and 9.0 is vulnerable to a DLL hijacking attack. A remote attacker could trick a user to double click a malicious executable in an attacker-controlled directory, which could result in code execution. IBM X-Force ID: 139563. 2018-03-13 not yet calculated CVE-2018-1435
CONFIRM
BID
XF ibm — notes
  IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary code on the system, caused by an error related to multiple untrusted search paths. A local attacker could exploit this vulnerability through DLL hijacking to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 139565. 2018-03-13 not yet calculated CVE-2018-1437
CONFIRM
BID
XF ibm — security_guardium_database_activity_monitor
  IBM Security Guardium Database Activity Monitor 10 allows local users to have unspecified impact by leveraging administrator access to a hardcoded password, related to use on GRUB systems. IBM X-Force ID: 110326. 2018-03-12 not yet calculated CVE-2016-0235
CONFIRM
XF ibm — security_guardium_database_activity_monitor
  IBM Security Guardium Database Activity Monitor 10 allows local users to obtain sensitive information by reading cached browser data. IBM X-Force ID: 110328. 2018-03-12 not yet calculated CVE-2016-0237
CONFIRM
XF ibm — trivoli_workload_automation_for_aix
  IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions that could allow a local user with special access to gain root privileges. IBM X-Force ID: 138208. 2018-03-13 not yet calculated CVE-2018-1386
CONFIRM
XF ibm — websphere_application_server
  IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could read files on the file system. IBM X-Force ID: 134931. 2018-03-13 not yet calculated CVE-2017-1741
CONFIRM
SECTRACK
XF ibm — websphere_portal
  IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139906. 2018-03-13 not yet calculated CVE-2018-1444
SECTRACK
XF
CONFIRM idm — ipa
  Ipa before version 4.4.0-14 did not properly check the user’s permissions while modifying certificate profiles in IdM’s certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks. 2018-03-13 not yet calculated CVE-2016-9575
REDHAT
BID
CONFIRM inversoft — prime-jwt
  inversoft prime-jwt versions prior to 1.3.0 or prior to commit 0d94dcef0133d699f21d217e922564adbb83a227 contain an input validation vulnerability in JWTDecoder.decode that can result in a JWT that is decoded and thus implicitly validated even if it lacks a valid signature. This attack appears to be exploitable via an attacker crafting a token with a valid header and body and then requesting that it be validated. This vulnerability appears to have been fixed in 1.3.0 and later or after commit 0d94dcef0133d699f21d217e922564adbb83a227. 2018-03-13 not yet calculated CVE-2018-1000125
CONFIRM
CONFIRM ios_keychain — ios_keychain
  Ionic Team Cordova plugin iOS Keychain versions before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf contain an Information Exposure Through Log Files (CWE-532) vulnerability in CDVKeychain.m that can result in leakage of login, password and other sensitive data. This attack appears to be exploitable by an attacker who has access to the victim’s iOS logs. This vulnerability appears to have been fixed after commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf. 2018-03-13 not yet calculated CVE-2018-1000123
CONFIRM iredmail — iredmail
  iRedMail versions prior to commit f04b8ef contain an Insecure Permissions vulnerability in Roundcube Webmail that can result in exfiltration of a user’s password-protected secret GPG key file and other important configuration files. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in Beta: 0.9.8-BETA1, Stable: 0.9.7. 2018-03-13 not yet calculated CVE-2018-1000072
MISC
MISC jasper — jasper
  JasPer before version 2.0.10 is vulnerable to a null pointer dereference in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. 2018-03-12 not yet calculated CVE-2016-9600
REDHAT
CONFIRM jasper — jasper
  JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer. 2018-03-09 not yet calculated CVE-2016-9591
BID
REDHAT
CONFIRM
GENTOO
DEBIAN jboss — resteasy
  JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions. 2018-03-09 not yet calculated CVE-2016-9606
REDHAT
REDHAT
BID
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM jenkins — jenkins
  A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin 1.1 and earlier in AbstractProjectAction/index.jelly that allows an attacker to craft links to Jenkins URLs that run arbitrary JavaScript in the user’s browser when accessed. 2018-03-13 not yet calculated CVE-2018-1000108
CONFIRM jenkins — jenkins
  An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users. 2018-03-13 not yet calculated CVE-2018-1000111
CONFIRM jenkins — jenkins
  An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allows an attacker with Job/Configure or Computer/Configure permission and without Ownership related permissions to override ownership metadata. 2018-03-13 not yet calculated CVE-2018-1000107
CONFIRM jenkins — jenkins
  An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins. 2018-03-13 not yet calculated CVE-2018-1000106
CONFIRM jenkins — jenkins
  A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator’s web browser (e.g. malicious extension) to retrieve the configured keystore and private key passwords. 2018-03-13 not yet calculated CVE-2018-1000104
CONFIRM jenkins — jenkins
  An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users. 2018-03-13 not yet calculated CVE-2018-1000112
CONFIRM jenkins — jenkins
  An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins. 2018-03-13 not yet calculated CVE-2018-1000105
CONFIRM jenkins — jenkins
  An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users. 2018-03-13 not yet calculated CVE-2018-1000110
CONFIRM jenkins — jenkins
  A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allows an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript. 2018-03-13 not yet calculated CVE-2018-1000113
CONFIRM jenkins — jenkins
  An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allows an attacker with read access to jobs to perform promotions. 2018-03-13 not yet calculated CVE-2018-1000114
CONFIRM jolokia — jolokia
  An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious JavaScript in the victim’s browser. 2018-03-14 not yet calculated CVE-2018-1000129
CONFIRM
CONFIRM jolokia — jolokia
  A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server. 2018-03-14 not yet calculated CVE-2018-1000130
CONFIRM joomla! — joomla!
  In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view. 2018-03-14 not yet calculated CVE-2018-8045
BID
SECTRACK
CONFIRM joyplus-cms — joyplus-cms
  joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/admin_ajax.php?action=save&tab={pre}manager request. 2018-03-14 not yet calculated CVE-2018-8717
MISC jpxstream — jpxstream
  The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. 2018-03-13 not yet calculated CVE-2018-8106
MISC jpxstream — jpxstream
  The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. 2018-03-13 not yet calculated CVE-2018-8105
MISC jpxstream — jpxstream
  The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml. 2018-03-13 not yet calculated CVE-2018-8100
MISC jpxstream — jpxstream
  The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. 2018-03-13 not yet calculated CVE-2018-8107
MISC jpxstream — jpxstream
  The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. 2018-03-13 not yet calculated CVE-2018-8101
MISC kadnode — kadnode
  KadNode version 2.2.0 contains a Buffer Overflow vulnerability in the arguments passed when starting up the binary that can result in control of program execution flow, leading to remote code execution. 2018-03-13 not yet calculated CVE-2018-1000091
MISC keepkey — keepkey
  Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display (of information that should not be accessible), related to text containing characters that the device’s font lacks. 2018-03-14 not yet calculated CVE-2018-6875
CONFIRM kingsoft — wps_office_free
  Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \\.\pipe\WPSCloudSvr\WpsCloudSvr — an “insecurely created named pipe.” This pipe grants full access to the Everyone users group. 2018-03-12 not yet calculated CVE-2018-6400
FULLDISC kontena — kontena
  server/app/views/static/code.html in Kontena before 1.5.0 allows XSS in “kontena master login --remote” code display, as demonstrated by /code#code= in a URI. 2018-03-15 not yet calculated CVE-2018-8728
MISC
MISC
MISC kubernetes — kubernetes
  In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running. 2018-03-13 not yet calculated CVE-2017-1002102
REDHAT
CONFIRM kubernetes — kubernetes
  In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host’s filesystem. 2018-03-13 not yet calculated CVE-2017-1002101
REDHAT
CONFIRM libevt — libevt
  The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. 2018-03-17 not yet calculated CVE-2018-8754
MISC libgit2 — libgit2
  Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file. 2018-03-13 not yet calculated CVE-2018-8099
CONFIRM
CONFIRM libgit2 — libgit2
  Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file. 2018-03-13 not yet calculated CVE-2018-8098
CONFIRM
CONFIRM
CONFIRM libtiff — libtiff
  LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c. 2018-03-11 not yet calculated CVE-2014-8129
MISC
MISC
APPLE
APPLE
MLIST
REDHAT
REDHAT
CONFIRM
CONFIRM
MISC
BID
SECTRACK
CONFIRM
GENTOO
DEBIAN libtiff — libtiff
  Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. 2018-03-11 not yet calculated CVE-2016-5314
CONFIRM
SUSE
SUSE
SUSE
SUSE
MLIST
MLIST
MLIST
CONFIRM
BID
BID
CONFIRM
CONFIRM
GENTOO
DEBIAN libtiff — libtiff
  The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither. 2018-03-11 not yet calculated CVE-2014-8130
CONFIRM
APPLE
APPLE
MLIST
REDHAT
REDHAT
CONFIRM
CONFIRM
MISC
BID
SECTRACK
CONFIRM
CONFIRM
GENTOO libvips — libvips
  In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads. 2018-03-09 not yet calculated CVE-2018-7998
MISC
MISC
MLIST linux — linux_kernel
  The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). 2018-03-10 not yet calculated CVE-2018-8043
MISC
MISC linux — linux_kernel
  The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code. 2018-03-15 not yet calculated CVE-2017-18232
MISC
BID
MISC linux — linux_kernel
  In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field. 2018-03-11 not yet calculated CVE-2017-18224
MISC
BID
MISC linux — linux_kernel
  A flaw was found in the Linux 4.x kernel’s implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. 2018-03-16 not yet calculated CVE-2018-1068
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST linux — linux_kernel
  Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case. 2018-03-13 not yet calculated CVE-2018-8087
MISC
MISC memcached — memcached
  memcached versions prior to 1.4.37 contain an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in the hash table being reused from the free list. This attack appears to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later. 2018-03-13 not yet calculated CVE-2018-1000127
CONFIRM
CONFIRM
CONFIRM mercurial — mercurial
  Mercurial version 4.5 and earlier contains an Incorrect Access Control (CWE-285) vulnerability in the Protocol server that can result in unauthorized data access. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1. 2018-03-14 not yet calculated CVE-2018-1000132
CONFIRM microsoft — .net_core_and_powershell_core
  .NET Core 1.0, .NET Core 1.1, .NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of service vulnerability due to how specially crafted requests are handled, aka “.NET Core Denial of Service Vulnerability”. 2018-03-14 not yet calculated CVE-2018-0875
BID
SECTRACK
REDHAT
CONFIRM microsoft — asp.net_core
  ASP.NET Core 1.0, 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka “ASP.NET Core Elevation Of Privilege Vulnerability”. This CVE is unique from CVE-2018-0784. 2018-03-14 not yet calculated CVE-2018-0808
BID
SECTRACK
CONFIRM microsoft — asp.net_core
  ASP.NET Core 1.0, 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka “ASP.NET Core Elevation Of Privilege Vulnerability”. 2018-03-14 not yet calculated CVE-2018-0787
BID
SECTRACK
CONFIRM
CONFIRM microsoft — chakracore_and_windows_10
  ChakraCore and Microsoft Windows 10 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka “Chakra Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, and CVE-2018-0937. 2018-03-14 not yet calculated CVE-2018-0936
BID
SECTRACK
CONFIRM microsoft — chakracore_and_windows_10
  ChakraCore and Microsoft Edge in Microsoft Windows 10 1709 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka “Chakra Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. 2018-03-14 not yet calculated CVE-2018-0930
BID
CONFIRM microsoft — chakracore
  ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0893, and CVE-2018-0935. 2018-03-14 not yet calculated CVE-2018-0925
BID
CONFIRM microsoft — sharepoint_enterprise_server
  Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka “Microsoft SharePoint Elevation of Privilege Vulnerability”. This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. 2018-03-14 not yet calculated CVE-2018-0917
BID
SECTRACK
CONFIRM microsoft — sharepoint_foundation_2013_sp1_and_sharepoint_enterprise_server_2016
  Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka “Microsoft SharePoint Elevation of Privilege Vulnerability”. This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0944. 2018-03-14 not yet calculated CVE-2018-0947
BID
SECTRACK
CONFIRM microsoft — windows_kernel
  The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka “Windows Kernel Information Disclosure Vulnerability”. This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0901 and CVE-2018-0926. 2018-03-14 not yet calculated CVE-2018-0900
BID
SECTRACK
CONFIRM microsoft — windows_kernel
  The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka “Windows Kernel Information Disclosure Vulnerability”. This CVE is unique from CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. 2018-03-14 not yet calculated CVE-2018-0811
BID
SECTRACK
CONFIRM microsoft — windows_kernel
  The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka “Windows Kernel Information Disclosure Vulnerability”. This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0926. 2018-03-14 not yet calculated CVE-2018-0901
BID
SECTRACK
CONFIRM microsoft — windows_kernel
  The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka “Windows Kernel Information Disclosure Vulnerability”. This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. 2018-03-14 not yet calculated CVE-2018-0895
BID
SECTRACK
CONFIRM microsoft — windows_kernel
  The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka “Windows Kernel Information Disclosure Vulnerability”. This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. 2018-03-14 not yet calculated CVE-2018-0896
BID
SECTRACK
CONFIRM microsoft — windows_kernel
  The Windows kernel mode driver in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects are handled in memory, aka “Win32k Elevation of Privilege Vulnerability”. 2018-03-14 not yet calculated CVE-2018-0977
BID
SECTRACK
CONFIRM microsoft — windows_kernel
  The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka “Windows Kernel Information Disclosure Vulnerability”. This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. 2018-03-14 not yet calculated CVE-2018-0897
BID
SECTRACK
CONFIRM microsoft — windows_kernel
  The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka “Windows Kernel Information Disclosure Vulnerability”. This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. 2018-03-14 not yet calculated CVE-2018-0899
BID
SECTRACK
CONFIRM microsoft — windows_kernel
  The Windows kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how memory addresses are handled, aka “Windows Kernel Information Disclosure Vulnerability”. 2018-03-14 not yet calculated CVE-2018-0904
BID
SECTRACK
CONFIRM microsoft — windows_kernel
  The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka “Windows Kernel Information Disclosure Vulnerability”. This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901. 2018-03-14 not yet calculated CVE-2018-0926
BID
SECTRACK
CONFIRM microsoft — windows_kernel
  The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka “Windows Kernel Information Disclosure Vulnerability”. This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. 2018-03-14 not yet calculated CVE-2018-0898
BID
SECTRACK
CONFIRM microsoft — windows_kernel
  The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka “Windows Kernel Information Disclosure Vulnerability”. This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. 2018-03-14 not yet calculated CVE-2018-0814
BID
SECTRACK
CONFIRM microsoft — windows_kernel
  The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka “Windows Kernel Information Disclosure Vulnerability”. This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. 2018-03-14 not yet calculated CVE-2018-0894
BID
SECTRACK
CONFIRM microsoft — windows_kernel
  The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka “Windows Kernel Information Disclosure Vulnerability”. This CVE is unique from CVE-2018-0811, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. 2018-03-14 not yet calculated CVE-2018-0813
BID
SECTRACK
CONFIRM microsoft — windows
  Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2018-0889, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935. 2018-03-14 not yet calculated CVE-2018-0876
BID
SECTRACK
CONFIRM microsoft — windows
  Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how URL redirects are handled, aka “Microsoft Exchange Information Disclosure Vulnerability”. This CVE is unique from CVE-2018-0941. 2018-03-14 not yet calculated CVE-2018-0924
BID
SECTRACK
CONFIRM microsoft — windows
  Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows information disclosure, due to how Internet Explorer handles objects in memory, aka “Internet Explorer Information Disclosure Vulnerability”. 2018-03-14 not yet calculated CVE-2018-0929
BID
SECTRACK
CONFIRM microsoft — windows
  Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run, Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka “Microsoft Office Information Disclosure Vulnerability”. 2018-03-14 not yet calculated CVE-2018-0919
BID
SECTRACK
CONFIRM microsoft — windows
  Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allow information disclosure, due to how Microsoft browsers handle objects in memory, aka “Microsoft Browser Information Disclosure Vulnerability”. 2018-03-14 not yet calculated CVE-2018-0932
BID
SECTRACK
CONFIRM microsoft — windows
  Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka “Microsoft SharePoint Elevation of Privilege Vulnerability”. This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0947. 2018-03-14 not yet calculated CVE-2018-0944
BID
SECTRACK
CONFIRM microsoft — windows
  Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows elevation of privilege, due to how Internet Explorer handles zone and integrity settings, aka “Internet Explorer Elevation of Privilege Vulnerability”. 2018-03-14 not yet calculated CVE-2018-0942
BID
SECTRACK
CONFIRM microsoft — windows
  ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how the scripting engine handles objects in memory, aka “Scripting Engine Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2018-0939. 2018-03-14 not yet calculated CVE-2018-0891
BID
SECTRACK
CONFIRM microsoft — windows
  Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka “Microsoft SharePoint Elevation of Privilege Vulnerability”. This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. 2018-03-14 not yet calculated CVE-2018-0911
BID
SECTRACK
CONFIRM microsoft — windows
  Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka “Microsoft SharePoint Elevation of Privilege Vulnerability”. This CVE is unique from CVE-2018-0909, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. 2018-03-14 not yet calculated CVE-2018-0910
BID
SECTRACK
CONFIRM microsoft — windows
  Windows Scripting Host (WSH) in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to how objects are handled in memory, aka “Windows Security Feature Bypass Vulnerability”. This CVE is unique from CVE-2018-0902. 2018-03-14 not yet calculated CVE-2018-0884
BID
SECTRACK
CONFIRM microsoft — windows
  Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, Microsoft Excel 2013 SP1, Microsoft Excel 2016, Microsoft Office 2016 Click-to-Run and Microsoft Office 2016 for Mac allow a security feature bypass vulnerability due to how macro settings are enforced, aka “Microsoft Office Excel Security Feature Bypass”. 2018-03-14 not yet calculated CVE-2018-0907
BID
SECTRACK
CONFIRM microsoft — windows
  ChakraCore and Microsoft Windows 10 1703 and 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka “Chakra Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, and CVE-2018-0936. 2018-03-14 not yet calculated CVE-2018-0937
BID
SECTRACK
CONFIRM microsoft — windows
  Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0925, and CVE-2018-0935. 2018-03-14 not yet calculated CVE-2018-0893
BID
SECTRACK
CONFIRM microsoft — windows
  Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka “Microsoft SharePoint Elevation of Privilege Vulnerability”. This CVE is unique from CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. 2018-03-14 not yet calculated CVE-2018-0909
BID
SECTRACK
CONFIRM microsoft — windows
  Microsoft Edge in Windows 10 1709 allows information disclosure, due to how Edge handles objects in memory, aka “Microsoft Edge Information Disclosure Vulnerability”. 2018-03-14 not yet calculated CVE-2018-0879
BID
SECTRACK
CONFIRM microsoft — windows
  Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka “Microsoft Access Remote Code Execution Vulnerability”. 2018-03-14 not yet calculated CVE-2018-0903
BID
SECTRACK
CONFIRM microsoft — windows
  Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run, Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka “Microsoft Office Memory Corruption Vulnerability”. 2018-03-14 not yet calculated CVE-2018-0922
BID
SECTRACK
CONFIRM microsoft — windows
  Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2018-0876, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935. 2018-03-14 not yet calculated CVE-2018-0889
BID
SECTRACK
CONFIRM microsoft — windows
  Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka “Microsoft SharePoint Elevation of Privilege Vulnerability”. This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. 2018-03-14 not yet calculated CVE-2018-0914
BID
SECTRACK
CONFIRM microsoft — windows
  The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka “Windows Desktop Bridge Elevation of Privilege Vulnerability”. This CVE is unique from CVE-2018-0882. 2018-03-14 not yet calculated CVE-2018-0880
BID
SECTRACK
CONFIRM microsoft — windows
  Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka “Microsoft SharePoint Elevation of Privilege Vulnerability”. This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0914, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. 2018-03-14 not yet calculated CVE-2018-0915
BID
SECTRACK
CONFIRM microsoft — windows
  Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka “Microsoft SharePoint Elevation of Privilege Vulnerability”. This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. 2018-03-14 not yet calculated CVE-2018-0913
BID
SECTRACK
CONFIRM microsoft — windows
  Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka “Microsoft SharePoint Elevation of Privilege Vulnerability”. This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. 2018-03-14 not yet calculated CVE-2018-0916
BID
SECTRACK
CONFIRM microsoft — windows
  The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by “*.com.” 2018-03-12 not yet calculated CVE-2016-9952
CONFIRM
CONFIRM microsoft — windows
  Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka “Microsoft SharePoint Elevation of Privilege Vulnerability”. This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. 2018-03-14 not yet calculated CVE-2018-0921
BID
SECTRACK
CONFIRM microsoft — windows
  Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka “Windows Storage Services Elevation of Privilege Vulnerability”. 2018-03-14 not yet calculated CVE-2018-0983
BID
SECTRACK
CONFIRM microsoft — windows
  The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a denial of service vulnerability due to how input from a privileged user on a guest operating system is validated, aka “Hyper-V Denial of Service Vulnerability”. 2018-03-14 not yet calculated CVE-2018-0885
BID
SECTRACK
CONFIRM microsoft — windows
  Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how data is imported, aka “Microsoft Exchange Information Disclosure Vulnerability”. This CVE is unique from CVE-2018-0924. 2018-03-14 not yet calculated CVE-2018-0941
BID
SECTRACK
CONFIRM microsoft — windows
  Windows Installer in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how input is sanitized, aka “Windows Installer Elevation of Privilege Vulnerability”. 2018-03-14 not yet calculated CVE-2018-0868
BID
SECTRACK
CONFIRM microsoft — windows
  Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allows an elevation of privilege vulnerability due to how links in the body of an email message are rewritten, aka “Microsoft Exchange Elevation of Privilege Vulnerability”. 2018-03-14 not yet calculated CVE-2018-0940
BID
SECTRACK
CONFIRM microsoft — windows
  ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka “Chakra Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. 2018-03-14 not yet calculated CVE-2018-0933
BID
SECTRACK
CONFIRM microsoft — windows
  Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how XML External Entities (XXE) are processed, aka “Windows Remote Assistance Information Disclosure Vulnerability”. 2018-03-14 not yet calculated CVE-2018-0878
BID
SECTRACK
CONFIRM microsoft — windows
  Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0893, and CVE-2018-0925. 2018-03-14 not yet calculated CVE-2018-0935
BID
SECTRACK
CONFIRM microsoft — windows
  The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka “Windows Desktop Bridge Elevation of Privilege Vulnerability”. This CVE is unique from CVE-2018-0880. 2018-03-14 not yet calculated CVE-2018-0882
BID
SECTRACK
CONFIRM microsoft — windows
  Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allow information disclosure, due to how Microsoft browsers handle objects in memory, aka “Microsoft Browser Information Disclosure Vulnerability”. 2018-03-14 not yet calculated CVE-2018-0927
BID
SECTRACK
CONFIRM microsoft — windows
  The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates requests during the authentication process, aka “CredSSP Remote Code Execution Vulnerability”. 2018-03-14 not yet calculated CVE-2018-0886
BID
SECTRACK
MISC
CONFIRM microsoft — windows
  Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka “Microsoft SharePoint Elevation of Privilege Vulnerability”. This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0944 and CVE-2018-0947. 2018-03-14 not yet calculated CVE-2018-0923
BID
SECTRACK
CONFIRM microsoft — windows
  ChakraCore and Microsoft Edge in Windows 10 1703 and 1709 allow information disclosure, due to how the scripting engine handles objects in memory, aka “Scripting Engine Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2018-0891. 2018-03-14 not yet calculated CVE-2018-0939
BID
SECTRACK
CONFIRM microsoft — windows
  Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka “Microsoft SharePoint Elevation of Privilege Vulnerability”. This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. 2018-03-14 not yet calculated CVE-2018-0912
BID
SECTRACK
CONFIRM microsoft — windows
  ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka “Chakra Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. 2018-03-14 not yet calculated CVE-2018-0931
BID
CONFIRM microsoft — windows
  The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way the kernel-mode driver validates and enforces impersonation levels, aka “Windows Security Feature Bypass Vulnerability”. This CVE is unique from CVE-2018-0884. 2018-03-14 not yet calculated CVE-2018-0902
BID
SECTRACK
CONFIRM microsoft — windows
  The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file paths are managed, aka “Windows Desktop Bridge VFS Elevation of Privilege Vulnerability”. 2018-03-14 not yet calculated CVE-2018-0877
BID
SECTRACK
CONFIRM microsoft — windows
  The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read. 2018-03-12 not yet calculated CVE-2016-9953
CONFIRM
CONFIRM microsoft — windows
  ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka “Chakra Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0936, and CVE-2018-0937. 2018-03-14 not yet calculated CVE-2018-0934
BID
SECTRACK
CONFIRM microsoft — windows
  The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka “Windows GDI Elevation of Privilege Vulnerability”. This CVE is unique from CVE-2018-0815 and CVE-2018-0816. 2018-03-14 not yet calculated CVE-2018-0817
BID
SECTRACK
CONFIRM microsoft — windows
  Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how file copy destinations are validated, aka “Windows Shell Remote Code Execution Vulnerability”. 2018-03-14 not yet calculated CVE-2018-0883
BID
SECTRACK
CONFIRM microsoft — windows
  The Microsoft Video Control in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege due to how objects are handled in memory, aka “Microsoft Video Control Elevation of Privilege Vulnerability”. 2018-03-14 not yet calculated CVE-2018-0881
BID
SECTRACK
CONFIRM microsoft — windows
  The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how guest operating system input is validated, aka “Hyper-V Information Disclosure Vulnerability”. 2018-03-14 not yet calculated CVE-2018-0888
BID
SECTRACK
CONFIRM microsoft — windows
  The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows 7 SP1 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka “Windows GDI Elevation of Privilege Vulnerability”. This CVE is unique from CVE-2018-0816, and CVE-2018-0817. 2018-03-14 not yet calculated CVE-2018-0815
BID
SECTRACK
CONFIRM microsoft — windows
  The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka “Windows GDI Elevation of Privilege Vulnerability”. This CVE is unique from CVE-2018-0815 and CVE-2018-0817. 2018-03-14 not yet calculated CVE-2018-0816
BID
SECTRACK
CONFIRM microsoft — windows
  ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka “Chakra Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. 2018-03-14 not yet calculated CVE-2018-0874
BID
SECTRACK
CONFIRM microsoft — windows
  ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka “Chakra Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. 2018-03-14 not yet calculated CVE-2018-0872
BID
SECTRACK
CONFIRM microsoft — windows
  ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka “Chakra Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2018-0872, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. 2018-03-14 not yet calculated CVE-2018-0873
BID
SECTRACK
CONFIRM mitel — connect_onsite
  A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. 2018-03-14 not yet calculated CVE-2018-5782
CONFIRM
CONFIRM mitel — connect_onsite
  A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. Successful exploit could allow an attacker to execute arbitrary code within the context of the application. 2018-03-14 not yet calculated CVE-2018-5779
CONFIRM
CONFIRM mitel — connect_onsite
  A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. 2018-03-14 not yet calculated CVE-2018-5781
CONFIRM
CONFIRM mitel — connect_onsite
  A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. 2018-03-14 not yet calculated CVE-2018-5780
CONFIRM
CONFIRM mitel — mitel_st
  A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of the application. 2018-03-13 not yet calculated CVE-2017-16251
CONFIRM
CONFIRM mitel — mitel_st
  A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names. 2018-03-13 not yet calculated CVE-2017-16250
CONFIRM
CONFIRM netiq — access_manager
  A cross site scripting vulnerability exists in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4. 2018-03-14 not yet calculated CVE-2018-7678
BID
CONFIRM netiq — access_manager
  A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component. 2018-03-14 not yet calculated CVE-2018-7677
BID
CONFIRM npr — visuals_team_pym.js
  NPR Visuals Team Pym.js versions 0.4.2 up to 1.3.1 contain a Cross Site Request Forgery (CSRF) vulnerability in the Pym.js _onNavigateToMessage function (https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573) that can result in arbitrary JavaScript code execution. This attack appears to be exploitable when a user visits an attacker-crafted page: the attacker gains full JavaScript access to pages with Pym.js embeds. This vulnerability appears to have been fixed in versions 1.3.2 and later. 2018-03-13 not yet calculated CVE-2018-1000086
MISC
MISC
MISC opendaylight — opendaylight
  OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be expired. 2018-03-16 not yet calculated CVE-2018-1078
CONFIRM osisoft — pi_web_api
  A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account. 2018-03-14 not yet calculated CVE-2018-7500
BID
MISC osisoft — pi_web_api
  A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized. 2018-03-14 not yet calculated CVE-2018-7508
BID
MISC osisoft — pi_data_archive
  An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may use unvalidated custom requests to crash the server. 2018-03-14 not yet calculated CVE-2018-7531
BID
MISC osisoft — pi_data_archive
  A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may modify deserialized data to send custom requests that crash the server. 2018-03-14 not yet calculated CVE-2018-7529
BID
MISC osisoft — pi_data_archive
  An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system. 2018-03-14 not yet calculated CVE-2018-7533
BID
MISC osisoft — pi_vision
  A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The X-XSS-Protection response header is not set to block, allowing attempts at reflected cross-site scripting. 2018-03-14 not yet calculated CVE-2018-7504
BID
MISC osisoft — pi_vision
  An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The server response header and referrer-policy response header each provide unintended information disclosure. 2018-03-14 not yet calculated CVE-2018-7496
BID
MISC ovirt — ovirt
  oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3. 2018-03-12 not yet calculated CVE-2018-1000095
MISC
MISC panda — global_protection
  Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \\.\pipe\PSANMSrvcPpal — an “insecurely created named pipe.” Ensures full access to Everyone users group. 2018-03-12 not yet calculated CVE-2018-6322
FULLDISC panda — global_protection
  Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact. 2018-03-12 not yet calculated CVE-2018-6321
FULLDISC paramiko — paramiko
  transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step. 2018-03-13 not yet calculated CVE-2018-7750
CONFIRM
CONFIRM
CONFIRM pitchfork — pitchfork
  Pitchfork version 1.4.6 RC1 contains an Improper Privilege Management vulnerability in Trident Pitchfork components that can result in a standard unprivileged user gaining system administrator permissions within the web portal. This attack appears to be exploitable by a user who is able to log in: the user could edit their profile and set the “System Administrator” permission to “yes” on themselves. This vulnerability appears to have been fixed in 1.4.6 RC2. 2018-03-16 not yet calculated CVE-2018-1000133
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC pivotal — concourse
  Pivotal Concourse after 2018-03-05 might allow remote attackers to have an unspecified impact, if a customer obtained the Concourse software from a DNS domain that is no longer controlled by Pivotal. The original domain for the Concourse CI (concourse-dot-ci) open source project has been registered by an unknown actor, and is therefore no longer the official website for Concourse CI. The new official domain is concourse-ci.org. At approximately 4 am EDT on March 7, 2018 the Concourse OSS team began receiving reports that the Concourse domain was not responding. The Concourse OSS team discovered, upon investigation with both the original and the new domain registrars, that the originating domain registrar had made the domain available for purchase. This was done despite the domain being renewed by the Concourse OSS team through August 2018. For a customer to be affected, they would have needed to access a download from a “concourse-dot-ci” domain web site after March 6, 2018 18:00:00 EST. Accessing that domain is NOT recommended by Pivotal. Anyone who had been using that domain should immediately begin using the concourse-ci.org domain instead. Customers can also safely access Concourse software from the traditionally available locations on the Pivotal Network or GitHub. 2018-03-13 not yet calculated CVE-2018-1227
CONFIRM pivotal — gemfire_for_pivotal_cloud_foundry
  The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker. 2018-03-16 not yet calculated CVE-2016-9880
BID
CONFIRM pivotal — pivotal_application_service
  Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links. 2018-03-16 not yet calculated CVE-2018-1200
BID
CONFIRM piwigo — piwigo
  Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php. 2018-03-16 not yet calculated CVE-2014-4613
OSVDB
MISC
CONFIRM
CONFIRM
MLIST
MLIST
EXPLOIT-DB
BID qcms — qcms
  QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI. 2018-03-12 not yet calculated CVE-2018-8069
MISC qcms — qcms
  QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI. 2018-03-12 not yet calculated CVE-2018-8070
MISC qemu — qemu
  Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display. 2018-03-12 not yet calculated CVE-2018-7858
MLIST
BID
CONFIRM
MLIST qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function wma_ndp_end_indication_event_handler(), there is no input validation check on an event_info value coming from firmware, which can cause an integer overflow and then lead to a potential heap overwrite. 2018-03-16 not yet calculated CVE-2017-15831
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing VENDOR specific action frame in the function lim_process_action_vendor_specific(), a comparison is performed with the incoming action frame body without validating if the action frame body received is of valid length, potentially leading to an out-of-bounds access. 2018-03-15 not yet calculated CVE-2017-14882
BID
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vent->vdev_id in wma_action_frame_filter_mac_event_handler(), which is received from firmware, leads to arbitrary code execution. 2018-03-16 not yet calculated CVE-2017-18065
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for wmi_event->num_vdev_mac_entries in wma_pdev_set_hw_mode_resp_evt_handler(), which is received from firmware, leads to potential buffer overflow. 2018-03-16 not yet calculated CVE-2017-18055
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for nlo_event in wma_nlo_match_evt_handler(), which is received from firmware, leads to potential out of bound memory access. 2018-03-15 not yet calculated CVE-2017-18063
BID
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_id in wma_unified_bcntx_status_event_handler() which is received from firmware leads to potential out of bounds memory read. 2018-03-15 not yet calculated CVE-2017-18056
BID
CONFIRM qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, potential buffer overflow can happen when processing AOA measurement event from WIGIG firmware in wil_aoa_evt_meas(). 2018-03-16 not yet calculated CVE-2017-18061
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a length variable which is used to copy data has a size of only 8 bits and can be exceeded resulting in a denial of service. 2018-03-15 not yet calculated CVE-2017-14878
BID
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for wow_buf_pkt_len in wma_wow_wakeup_host_event() which is received from firmware leads to potential out of bounds memory read. 2018-03-16 not yet calculated CVE-2017-18058
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_nlo_scan_cmp_evt_handler(), which is received from firmware, leads to potential out of bounds memory read. 2018-03-16 not yet calculated CVE-2017-18057
CONFIRM
MISC qualcomm — android
  In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 602A, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820Am, SD 835, SD 845, MSM8909W, improper input validation in video_fmt_mp4r_process_atom_avc1() causes a potential buffer overflow. 2018-03-15 not yet calculated CVE-2017-17773
BID
CONFIRM qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to the lack of a range check on the array index into the WMI descriptor pool, arbitrary address execution may potentially occur in the process mgmt completion handler. 2018-03-16 not yet calculated CVE-2017-14889
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation while processing an encrypted authentication management frame in lim_send_auth_mgmt_frame() leads to buffer overflow. 2018-03-15 not yet calculated CVE-2017-18067
BID
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in diag_ioctl_lsm_deinit() leads to a Use After Free condition. 2018-03-16 not yet calculated CVE-2018-3561
CONFIRM qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a clip with large size values, integer arithmetic overflows, and allocated buffer size will be less than intended buffer size. The following buffer operations will overflow the allocated buffer. 2018-03-15 not yet calculated CVE-2016-10393
BID
CONFIRM qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, potential buffer overflow can happen when processing UTF event in wma_process_utf_event(). 2018-03-16 not yet calculated CVE-2017-18062
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper buffer length calculation in wma_roam_scan_filter() leads to buffer overflow. 2018-03-15 not yet calculated CVE-2017-18068
BID
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a potential buffer overflow can happen when processing any 802.11 MGMT frames like Auth frame in limProcessAuthFrame. 2018-03-15 not yet calculated CVE-2017-15815
BID
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of messages of type eWNI_SME_MODIFY_ADDITIONAL_IES, an integer overflow leading to heap buffer overflow may potentially occur. 2018-03-16 not yet calculated CVE-2017-14887
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper controls in MSM CORE lead to use of memory after it is freed in msm_core_ioctl(). 2018-03-16 not yet calculated CVE-2017-18066
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, race condition in diag_dbgfs_read_dcistats(), while accessing diag_dbgfs_dci_data_index, causes potential heap overflow. 2018-03-16 not yet calculated CVE-2017-15834
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in msm_flash_subdev_do_ioctl of drivers/media/platform/msm/camera_v2/sensor/flash/msm_flash.c, there is a possible out of bounds read if flash_data.cfg_type is CFG_FLASH_INIT due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. 2018-03-16 not yet calculated CVE-2017-15814
CONFIRM qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the wma_unified_link_peer_stats_event_handler function has a variable num_rates which represents the sum of all the peer_stats->num_rates. The current behavior in this function is to validate only the num_rates of the first peer stats (peer_stats->num_rates) against WMA_SVC_MSG_MAX_SIZE, but not the sum of all the peers’ num_rates (num_rates). This may lead to a buffer overflow when the firmware buffer is copied into the allocated buffer (peer_stats), because the size for the memory allocation, link_stats_results_size, is based on num_rates. 2018-03-15 not yet calculated CVE-2017-14885
BID
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for fix_param->vdev_id in wma_p2p_lo_event_handler(), which is received from firmware, leads to potential out of bounds memory read. 2018-03-16 not yet calculated CVE-2017-18053
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for event->vdev_id in wma_rcpi_event_handler(), which is received from firmware, leads to potential out of bounds memory read. 2018-03-16 not yet calculated CVE-2017-18051
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Double Free vulnerability exists in Audio Driver while opening a sound compression device. 2018-03-16 not yet calculated CVE-2018-3560
CONFIRM qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in a firmware loading routine, a buffer overflow could potentially occur if multiple user space threads try to update the WLAN firmware file through sysfs. 2018-03-16 not yet calculated CVE-2017-11082
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for cmpl_params->num_reports, param_buf->desc_ids and param_buf->status in wma_mgmt_tx_bundle_completion_handler(), which is received from firmware, leads to potential out of bounds memory read. 2018-03-16 not yet calculated CVE-2017-18052
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_scan_event_callback(), which is received from firmware, leads to potential out of bounds memory read. 2018-03-16 not yet calculated CVE-2017-18059
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for num_vdev_mac_entries in wma_pdev_hw_mode_transition_evt_handler(), which is received from firmware, leads to potential buffer overflow. 2018-03-16 not yet calculated CVE-2017-18054
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for p2p_noa_info in wma_send_bcn_buf_ll() which is received from firmware leads to potential buffer overflow. 2018-03-15 not yet calculated CVE-2017-18064
BID
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper message length calculation in oem_cmd_handler() while processing a WLAN_NL_MSG_OEM netlink message leads to buffer overread. 2018-03-15 not yet calculated CVE-2017-18069
BID
CONFIRM qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, untrusted pointer dereference in update_userspace_power() function in power leads to information exposure. 2018-03-16 not yet calculated CVE-2017-15833
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for resp_event->vdev_id in wma_unified_bcntx_status_event_handler(), which is received from firmware, leads to potential out of bounds memory read. 2018-03-16 not yet calculated CVE-2017-18060
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is an obsolete set/reset ssid hotlist API. 2018-03-16 not yet calculated CVE-2017-11074
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function wma_p2p_noa_event_handler(), there is no bound check on a value coming from firmware which can potentially lead to a buffer overwrite. 2018-03-15 not yet calculated CVE-2017-15821
BID
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper ch_list array index initialization in function sme_set_plm_request() causes potential buffer overflow. 2018-03-16 not yet calculated CVE-2017-15830
CONFIRM
MISC qualcomm — android
  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_map in wma_tbttoffset_update_event_handler(), which is received from firmware, leads to potential buffer overwrite and out of bounds memory read. 2018-03-16 not yet calculated CVE-2017-18050
CONFIRM
MISC red_hat — enterprise_linux
  curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl only. 2018-03-12 not yet calculated CVE-2017-2628
REDHAT
BID
CONFIRM red_hat — jboss_enterprise_application_platform
  Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when it deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack. 2018-03-09 not yet calculated CVE-2016-9585
BID
CONFIRM red_hat — keycloak
  Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm. 2018-03-12 not yet calculated CVE-2016-8629
REDHAT
BID
SECTRACK
REDHAT
REDHAT
CONFIRM red_hat — keycloak
  Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks. 2018-03-12 not yet calculated CVE-2017-2585
REDHAT
BID
SECTRACK
REDHAT
REDHAT
CONFIRM red_hat — openshift_enterprise
  Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem. 2018-03-09 not yet calculated CVE-2018-1069
BID
CONFIRM red_hat — wildfly
  Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily be exploited to fill memory with garbage, up to “max-headers” (default 200) * “max-header-size” (default 1MB) per active TCP connection. 2018-03-12 not yet calculated CVE-2016-9589
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
BID
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM roundcube — roundcube
  roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in the enigma plugin that can result in exfiltration of the gpg private key. This attack appears to be exploitable via network connectivity. 2018-03-13 not yet calculated CVE-2018-1000071
MISC
MISC ruby — ruby
  RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem writing to arbitrary filesystem locations during installation. This attack appears to be exploitable when the victim installs a malicious gem. This vulnerability appears to have been fixed in 2.7.6. 2018-03-13 not yet calculated CVE-2018-1000079
MISC
MISC
MISC ruby — ruby
  RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an Improper Input Validation vulnerability in the ruby gems specification homepage attribute that can result in a malicious gem setting an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6. 2018-03-13 not yet calculated CVE-2018-1000077
MISC
MISC ruby — ruby
  RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in the gem server display of the homepage attribute that can result in XSS. This attack appears to be exploitable when the victim browses to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6. 2018-03-13 not yet calculated CVE-2018-1000078
MISC
MISC ruby — ruby
  RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6. 2018-03-13 not yet calculated CVE-2018-1000073
MISC
MISC ruby — ruby
  RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem being installed, as the tarball would contain multiple gem signatures. This vulnerability appears to have been fixed in 2.7.6. 2018-03-13 not yet calculated CVE-2018-1000076
MISC
MISC ruby — ruby
  RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in the owner command that can result in code execution. This attack appears to be exploitable when the victim runs the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6. 2018-03-13 not yet calculated CVE-2018-1000074
MISC
MISC ruby — ruby
  RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an infinite loop caused by negative size vulnerability in the ruby gem package tar header: a negative size could cause an infinite loop. This vulnerability appears to have been fixed in 2.7.6. 2018-03-13 not yet calculated CVE-2018-1000075
MISC
MISC samba — samba
  All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash. 2018-03-13 not yet calculated CVE-2018-1050
BID
SECTRACK
CONFIRM
CONFIRM
UBUNTU
DEBIAN
CONFIRM samba — samba
  On a Samba 4 AD DC, the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP, allowing authenticated users to change any other users’ passwords, including administrative users and privileged service accounts (e.g., Domain Controllers). 2018-03-13 not yet calculated CVE-2018-1057
BID
SECTRACK
CONFIRM
CONFIRM
UBUNTU
DEBIAN
CONFIRM
CONFIRM samba — samba
  Samba versions before 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. 2018-03-12 not yet calculated CVE-2017-2619
BID
SECTRACK
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
CONFIRM
DEBIAN
EXPLOIT-DB
CONFIRM sap — business_client
  Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted. 2018-03-14 not yet calculated CVE-2018-2398
BID
CONFIRM
CONFIRM sap — business_objects_business_intelligence_platform
  In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting. 2018-03-14 not yet calculated CVE-2018-2397
BID
CONFIRM
CONFIRM sap — business_process_automation_by_redwood
  SAP Business Process Automation (BPA) By Redwood does not sufficiently validate an XML document accepted from an untrusted source resulting in an XML External Entity (XXE) vulnerability. 2018-03-14 not yet calculated CVE-2018-2401
BID
CONFIRM
CONFIRM sap — business_process_automation_by_redwood
  SAP Business Process Automation (BPA) By Redwood, 9.0, 9.1, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. 2018-03-14 not yet calculated CVE-2018-2366
BID
CONFIRM
CONFIRM sap — business_process_automation_by_redwood
  Under certain conditions SAP Business Process Automation (BPA) By Redwood, 9.00, 9.10, allows an attacker to access information which would otherwise be restricted. 2018-03-14 not yet calculated CVE-2018-2400
BID
CONFIRM
CONFIRM sap — hana
  In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorizations on the control system may be able to access the user credentials and gain unauthorized access to data in the captured or target system. 2018-03-14 not yet calculated CVE-2018-2402
BID
CONFIRM
CONFIRM sap — process_monitoring_infrastructure
  Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs. 2018-03-14 not yet calculated CVE-2018-2399
BID
CONFIRM
CONFIRM schedmd — slurm
  SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD. 2018-03-15 not yet calculated CVE-2018-7033
CONFIRM
CONFIRM schneider_electric — somove_and_dtm_software
  A DLL hijacking vulnerability exists in Schneider Electric’s SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code. 2018-03-09 not yet calculated CVE-2018-7239
BID
MISC
CONFIRM securenvoy — securmail
  Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. (dot dot) in the filename parameter to secupload2/upload.aspx. 2018-03-14 not yet calculated CVE-2018-7705
FULLDISC
EXPLOIT-DB
MISC securenvoy — securmail
  Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via a .. (dot dot) in the option2 parameter in an attachment action to secmail/getmessage.exe. 2018-03-14 not yet calculated CVE-2018-7706
FULLDISC
EXPLOIT-DB
MISC securenvoy — securmail
  SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization. 2018-03-14 not yet calculated CVE-2018-7702
FULLDISC
EXPLOIT-DB
MISC securenvoy — securmail
  SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via the option1 parameter in a reply action to secmail/getmessage.exe. 2018-03-14 not yet calculated CVE-2018-7704
FULLDISC
EXPLOIT-DB
MISC securenvoy — securmail
  Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via an HTML-formatted e-mail message. 2018-03-14 not yet calculated CVE-2018-7707
FULLDISC
EXPLOIT-DB
MISC securenvoy — securmail
  Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a delete action in a request to secmail/getmessage.exe or (2) spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe. 2018-03-14 not yet calculated CVE-2018-7701
FULLDISC
EXPLOIT-DB
MISC securenvoy — securmail
  Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via the mailboxid parameter to secmail/getmessage.exe. 2018-03-14 not yet calculated CVE-2018-7703
FULLDISC
EXPLOIT-DB
MISC servicenow_itsm — servicenow_itsm
  ServiceNow ITSM 2016-06-02 has XSS via the First Name or Last Name field of My Profile (aka navpage.do), or the Search bar of My Portal (aka search_results.do). 2018-03-15 not yet calculated CVE-2018-8720
MISC sharutils — sharutils
  Sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in the function looks_like_c_code in the file unshar.c at line 75, caused by a failure to check the buffer containing the input line, that could lead to code execution. This attack appears to be exploitable when the victim runs the unshar command on a specially crafted file. 2018-03-12 not yet calculated CVE-2018-1000097
BUGTRAQ spacewalk — spacewalk
  Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server. 2018-03-14 not yet calculated CVE-2018-1077
CONFIRM spice-gtk — spice-gtk
  A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable. 2018-03-14 not yet calculated CVE-2017-12194
BID
CONFIRM spring_security — spring_security
  Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allow secured Spring MVC static resource URLs to be bypassed. 2018-03-16 not yet calculated CVE-2018-1199
CONFIRM sqlite — sqlite
  In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. 2018-03-16 not yet calculated CVE-2018-8740
MISC
MISC
MISC
MISC squirrelmail — squirrelmail
  A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php. 2018-03-17 not yet calculated CVE-2018-8741
MISC
MISC
MISC
MISC suse — portus
  The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no proxy_ssl_* directives are used. 2018-03-11 not yet calculated CVE-2018-8059
MISC teluu_pjsip — teluu_pjsip
  Teluu PJSIP version 2.7.1 and earlier contains an Integer Overflow vulnerability in pjmedia SDP parsing that can result in a crash. This attack appears to be exploitable via sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2. 2018-03-12 not yet calculated CVE-2018-1000098
MISC
MISC teluu_pjsip — teluu_pjsip
  Teluu PJSIP version 2.7.1 and earlier contains an Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in a crash. This attack appears to be exploitable via sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2. 2018-03-12 not yet calculated CVE-2018-1000099
MISC
MISC
MISC textpattern — textpattern
  Textpattern version 4.6.2 contains an XML Injection vulnerability in the Import XML feature that can result in denial of service in the context of the web server by exhausting server memory resources. This attack appears to be exploitable via uploading a specially crafted XML file. 2018-03-13 not yet calculated CVE-2018-1000090
MISC textpattern_cms — textpattern_cms
  An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable “qty” on the page index.php. 2018-03-14 not yet calculated CVE-2018-7474
FULLDISC
EXPLOIT-DB tiny-json-http — tiny-json-http
  brianleroux tiny-json-http, all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8 (Oct 29 2016), contains a Missing SSL certificate validation vulnerability affecting the library's core functionality that exposes the user to man-in-the-middle attacks. 2018-03-12 not yet calculated CVE-2018-1000096
MISC titanhq — webtitan_gateway
  TitanHQ WebTitan Gateway has incorrect certificate validation for the TLS interception feature. 2018-03-12 not yet calculated CVE-2017-18227
MISC
MISC
MISC trend_micro — email_encryption_gateway
  A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system. 2018-03-15 not yet calculated CVE-2018-6229
CONFIRM
MISC
EXPLOIT-DB trend_micro — email_encryption_gateway
  An arbitrary logs location vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change the location of log files, which could then be manipulated to execute arbitrary commands and attain command execution on a vulnerable system. 2018-03-15 not yet calculated CVE-2018-6222
CONFIRM
MISC
EXPLOIT-DB trend_micro — email_encryption_gateway
  A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system. 2018-03-15 not yet calculated CVE-2018-6230
CONFIRM
MISC
EXPLOIT-DB trend_micro — email_encryption_gateway
  A stored cross-site scripting (XSS) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject client-side scripts into vulnerable systems. 2018-03-15 not yet calculated CVE-2018-6227
CONFIRM
MISC
EXPLOIT-DB trend_micro — email_encryption_gateway
  A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration parameters. 2018-03-15 not yet calculated CVE-2018-6223
CONFIRM
MISC
EXPLOIT-DB trend_micro — email_encryption_gateway
  An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data. 2018-03-15 not yet calculated CVE-2018-6219
CONFIRM
MISC
EXPLOIT-DB trend_micro — email_encryption_gateway
  An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script. 2018-03-15 not yet calculated CVE-2018-6225
CONFIRM
MISC
EXPLOIT-DB trend_micro — email_encryption_gateway
  A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system. 2018-03-15 not yet calculated CVE-2018-6228
CONFIRM
MISC
EXPLOIT-DB trend_micro — email_encryption_gateway
  An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems. 2018-03-15 not yet calculated CVE-2018-6220
CONFIRM
MISC
EXPLOIT-DB trend_micro — email_encryption_gateway
  A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an attacker-controlled domain. 2018-03-15 not yet calculated CVE-2018-6224
CONFIRM
MISC
EXPLOIT-DB trend_micro — email_encryption_gateway
  An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a man-in-the-middle attacker to tamper with an update file and inject their own. 2018-03-15 not yet calculated CVE-2018-6221
CONFIRM
MISC
EXPLOIT-DB trend_micro — email_encryption_gateway
  Reflected cross-site scripting (XSS) vulnerabilities in two Trend Micro Email Encryption Gateway 5.5 configuration files could allow an attacker to inject client-side scripts into vulnerable systems. 2018-03-15 not yet calculated CVE-2018-6226
CONFIRM
MISC
EXPLOIT-DB trend_micro — smart_protection_server
  A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations. 2018-03-15 not yet calculated CVE-2018-6231
CONFIRM
MISC unboundid — ldap_sdk
  UnboundID LDAP SDK from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed, contains an Incorrect Access Control vulnerability: the process function in the SimpleBindRequest class doesn’t check for an empty password when running in synchronous mode (commit with applied fix: https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd). This can result in the ability to impersonate any valid user. This attack appears to be exploitable by providing a valid username and an empty password against servers that do not do additional validation as per https://tools.ietf.org/html/rfc4513#section-5.1.1. This vulnerability appears to have been fixed after commit 8471904a02438c03965d21367890276bc25fa5a6. 2018-03-16 not yet calculated CVE-2018-1000134
CONFIRM unitrends — unitrends_backups
  It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes. 2018-03-14 not yet calculated CVE-2018-6328
CONFIRM
CONFIRM unitrends — unitrends_backups
  It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands. 2018-03-14 not yet calculated CVE-2018-6329
CONFIRM
CONFIRM vmware — workstation_and_fusion
  VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled. 2018-03-15 not yet calculated CVE-2018-6957
SECTRACK
CONFIRM vpn_unlimited — vpn_unlimited
  VPN Unlimited 4.2.0 for macOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root. 2018-03-16 not yet calculated CVE-2018-8739
MISC weblog_expert — web_server_enterprise
  WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service (daemon crash) via a long HTTP Accept Header to TCP port 9991. 2018-03-09 not yet calculated CVE-2018-7582
MISC
MISC
EXPLOIT-DB weblog_expert — web_server_enterprise
  \ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert Web Server Enterprise 9.4 has weak permissions (BUILTIN\Users:(ID)C), which allows local users to set a cleartext password and login as admin. 2018-03-09 not yet calculated CVE-2018-7581
MISC
MISC
EXPLOIT-DB webmin — webmin
  An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of “Can view any file as a log file” is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data from the local system (using Local File Include) such as the ‘/etc/shadow’ file via a “GET /syslog/save_log.cgi?view=1&file=/etc/shadow” request. 2018-03-14 not yet calculated CVE-2018-8712
MISC western_bridge_cobub_razor — western_bridge_cobub_razor
  A SQL Injection vulnerability exists in Western Bridge Cobub Razor 0.8.0 via the channel_name or platform parameter in a /index.php?/manage/channel/addchannel request, related to /application/controllers/manage/channel.php. 2018-03-11 not yet calculated CVE-2018-8057
MISC
MISC western_bridge_cobub_razor — western_bridge_cobub_razor
  Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channel_name parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php. 2018-03-11 not yet calculated CVE-2018-8056
MISC
MISC wicket — jquery
  In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to the WYSIWYG editor. 2018-03-12 not yet calculated CVE-2017-15719
CONFIRM
CONFIRM wolfcms — wolfcms
  WolfCMS version 0.8.3.1 contains a Reflected Cross Site Scripting vulnerability in the “Create New File” and “Create New Directory” input boxes of the ‘files’ tab that can result in session hijacking, spreading worms, or controlling the browser remotely. This attack appears to be exploitable by an attacker executing JavaScript in the “Create New File” and “Create New Directory” input boxes of the ‘files’ tab. 2018-03-13 not yet calculated CVE-2018-1000087
MISC
MISC wolfcms — wolfcms
  WolfCMS version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name (from the Layout tab) that can result in a low-privilege user stealing the cookie of an admin user and compromising the admin account. This attack appears to be exploitable by entering JavaScript code into Layout Name. 2018-03-13 not yet calculated CVE-2018-1000084
MISC wordpress — wordpress
  A local file inclusion issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The vulnerability is due to the lack of args/input validation on render_html before allowing it to be called by extract(), a PHP built-in function. Because of this, the supplied args/input can be used to overwrite the $pagepath variable, which then could lead to a local file inclusion attack. 2018-03-14 not yet calculated CVE-2018-8711
MISC
MISC
MISC wordpress — wordpress
  Pradeep Makone WordPress Support Plus Responsive Ticket System version 9.0.2 and earlier contains a SQL Injection vulnerability in the function to get tickets, the parameter email in cookie was injected that can result in filter the parameter. This attack appears to be exploitable via the web site, without login. This vulnerability appears to have been fixed in 9.0.3 and later. 2018-03-14 not yet calculated CVE-2018-1000131
MISC
CONFIRM
MISC wordpress — wordpress
  Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped. 2018-03-15 not yet calculated CVE-2018-8729
MISC
MISC
MISC
MISC wordpress — wordpress
  A remote code execution issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication. WordPress shortcode markup in the “shortcode” parameters would be evaluated. Normally unauthenticated users can’t evaluate shortcodes as they are often sensitive. 2018-03-14 not yet calculated CVE-2018-8710
MISC
MISC
MISC xpdf — xpdf
  The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. 2018-03-13 not yet calculated CVE-2018-8103
MISC xpdf — xpdf
  The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. 2018-03-13 not yet calculated CVE-2018-8104
MISC xpdf — xpdf
  The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. 2018-03-13 not yet calculated CVE-2018-8102
MISC yzmcms — yzmcms
  YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html. 2018-03-13 not yet calculated CVE-2018-8078
MISC zenmate — zenmate
  ZenMate 1.5.4 for macOS suffers from a type confusion vulnerability within the com.zenmate.chron-xpc LaunchDaemon component. The LaunchDaemon implements an XPC service that uses an insecure XPC API for accessing data from an inbound XPC message. This could potentially result in an XPC object of the wrong type being passed as the first argument to the xpc_connection_create_from_endpoint function if controlled by an attacker. In recent versions of macOS and OS X, Apple has implemented an internal check to prevent such XPC API abuse from occurring, thus making this vulnerability only result in a denial of service if exploited by an attacker. 2018-03-15 not yet calculated CVE-2018-8076
MISC zoho — manageengine_desktop_central
  Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026. 2018-03-15 not yet calculated CVE-2018-8722
CONFIRM zoho — manageengine_eventlog_analyzer
  Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen. 2018-03-15 not yet calculated CVE-2018-8721
BID
CONFIRM zoho — manageengine_eventlog_analyzer
  Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2018-03-13 not yet calculated CVE-2018-7405
CONFIRM
CONFIRM zsh — zsh
  zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service. 2018-03-09 not yet calculated CVE-2018-1071
BID
CONFIRM